Date: Sat, 22 Jul 2006 15:26:54 +0330 From: "Babak Farrokhi" <babak@farrokhi.net> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: ports/100715: [Maintainer Update] port security/super - add MASTER_SITES Message-ID: <1153569414.20423@starfish.datak.net> Resent-Message-ID: <200607221200.k6MC0ZWS056553@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 100715 >Category: ports >Synopsis: [Maintainer Update] port security/super - add MASTER_SITES >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jul 22 12:00:34 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Babak Farrokhi >Release: FreeBSD 6.1-STABLE i386 >Organization: >Environment: System: FreeBSD 6.1-STABLE #2: Tue Jul 11 14:37:46 IRST 2006 root@starfish.datak.net:/usr/obj/usr/src/sys/SMP >Description: - add MASTER_SITES - update pkg-descr to make portlint happy - add WWW and AUTHOR >How-To-Repeat: >Fix: --- super.patch begins here --- diff -ruN super.orig/Makefile super/Makefile --- super.orig/Makefile Sat Jul 22 15:16:52 2006 +++ super/Makefile Sat Jul 22 15:21:35 2006 @@ -9,7 +9,8 @@ PORTNAME= super PORTVERSION= 3.26.1 CATEGORIES= security sysutils -MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/ +MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/ \ + http://www.ucolick.org/~will/RUE/super/ EXTRACT_SUFX= -tar.gz MAINTAINER= babak@farrokhi.net diff -ruN super.orig/pkg-descr super/pkg-descr --- super.orig/pkg-descr Sat Jul 22 15:16:52 2006 +++ super/pkg-descr Sat Jul 22 15:23:46 2006 @@ -1,4 +1,4 @@ -Super is a setuid-root program that offers +Super is a setuid-root program that offers: o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; @@ -7,30 +7,8 @@ scripts can be run as root (or some other uid/gid), without unduly compromising security. -Sample uses: - - to call a script that allows users to use mount(8) on - cdrom's or floppy disks, but not other devices. +The design philosophy behind super is two-fold: - - to restrict which users, on which hosts, may execute a - setuid-root program. - - - to allow groups of trusted users (e.g. an "operator" group) complete - root access to sets of selected commands such as, say, line-printer - control commands, without giving away access to other commands, - and with full logging of all commands used. - - -Super and sudo --------------- -Sudo -- - Sudo allows a permitted user to execute a command as the superuser. - Its central design philosophy is that each user can be - trusted when executing certain commands. This is implemented - by allowing each user to execute the restricted commands for - which s/he is trusted, without giving access to other restricted commands. - -Super -- - The design philosophy behind super is two-fold: (a) some users can be trusted when executing certain commands; (b) there are some commands, such as a script to mount CDROM's, which you'd like to be safely executable even by users who @@ -39,14 +17,5 @@ can be hard to break, and super provides that wrapper so that even a non-trusted user can use the scripts. -In the author's view, the main differences to the administrator are: - - (1) the files that specify valid user/command combinations have - a different look and feel. - - (2) super provides a safe wrapper for scripts, so that a - well-written script can be run safely by ordinary - users without having to actually trust them. - - --- David (obrien@FreeBSD.org) +WWW: http://www.ucolick.org/~will/#super +AUTHOR: Will Deich <will@ucolick.org> --- super.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1153569414.20423>